Preconfigured device representations

ABSTRACT

Technology is described for providing preconfigured device representations in a service provider environment. A plurality of device representation parameters may be received for a device via a user account. A preconfigured device representation may be created for the device using the plurality of device representation parameters. The preconfigured device representation may be associated with the user account. The device may be registered with the service provider environment. A registration of the device may be performed when the device initially connects to the service provider environment. The registration may assign a device identifier to the device and may associate the user account with the device. The preconfigured device representation may be provided to the device after the registration of the device is completed.

PRIORITY DATA

This application is a continuation of U.S. patent application Ser. No.16/700,999, filed Dec. 2, 2019, which is a division of U.S. patentapplication Ser. No. 15/385,560, filed Dec. 20, 2016, now issued U.S.Pat. No. 10,498,598 which is incorporated herein by reference.

BACKGROUND

The Internet of Things (IoT) is the interconnection of computing devicesscattered across the globe using the existing Internet infrastructure.IoT devices may be assigned a unique identifier, such as an InternetProtocol version 6 (IPv6) address, an IPv4 address, a uniform resourceidentifier (URI), or a global unique identifier. IoT devices maysecurely communicate data over a network to a centralized IoT service ina service provider environment. The IoT devices may register with theIoT service prior to communicating data to the IoT service.

IoT devices may be embedded in a variety of physical devices orproducts, such as industrial equipment, farm machinery, home appliances,manufacturing devices, industrial printers, automobiles, thermostats,smart traffic lights, vehicles, buildings, etc. These physical devicesmay have embedded electronics, actuators, motors, software, sensors, andnetwork connectivity that enables these physical devices to collect andexchange data. IoT may be useful for a number of applications, such asenvironmental monitoring, farming, infrastructure management, industrialapplications, building and home automation, energy management, medicaland healthcare systems, transport systems, etc.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a system and related operations for creating andproviding device representations to an Internet of Things (IoT) deviceafter a registration of the IoT device according to an example of thepresent technology.

FIG. 2 is an illustration of a networked system for creatingpreconfigured device representations according to an example of thepresent technology.

FIG. 3 illustrates operations for creating and providing devicerepresentations to an Internet of Things (IoT) device after aregistration of the IoT device according to an example of the presenttechnology.

FIG. 4 illustrates a system and related operations for creating apreconfigured device representation for an Internet of Things (IoT)device based on device representation parameters and media content fromone or more services operating in a service provider environmentaccording to an example of the present technology.

FIG. 5 illustrates a system and related operations for triggering anexecution of program code in a service provider environment based on apreconfigured device representation installed on an Internet of Things(IoT) device according to an example of the present technology.

FIG. 6 is a flowchart of an example method for creating preconfigureddevice representations in a service provider environment.

FIG. 7 is a flowchart of another example method for creatingpreconfigured device representations in a service provider environment.

FIG. 8 is a block diagram that provides an example illustration of acomputing device that may be employed in the present technology.

FIG. 9 is a block diagram of a service provider environment according toan example of the present technology.

DETAILED DESCRIPTION

A technology is described for creating device representations for anInternet of Things (IoT) device. The device representations may includepreconfigured device representations and dynamic device representations.The preconfigured device representation may be created during afulfillment phase of the IoT device, and then stored in a serviceprovider environment. After a user is in possession of the IoT device,the IoT device may first generically register with the service providerenvironment and then receive a non-generic registration associated witha user account. The non-generic registration may enable the IoT deviceto retrieve the preconfigured device representation for installation onthe IoT device. A dynamic device representation may be dynamicallycreated as the IoT device registers with the service providerenvironment (or after the IoT device registers). The dynamic devicerepresentation may also be provided to the IoT device and installed onthe IoT device.

In one configuration, a device configuration service that operates inthe service provider environment may create the preconfigured devicerepresentation for the IoT device. The device configuration service maycreate the preconfigured device representation based on instructionsreceived from a client computing device. For example, the clientcomputing device may provide various device representation parametersand/or media content files, which may be used by the deviceconfiguration service when creating the preconfigured devicerepresentation for the IoT device. The preconfigured devicerepresentation may be associated with a specific user account. Forexample, the user account may be accessed using the client computingdevice, and then the preconfigured device representation may be createdwhen a user is logged into the user account. The preconfigured devicerepresentation may include settings, parameters, media content files,drivers, proprietary instructions (e.g., custom scripts),configurations, etc. for the IoT device. The preconfigured devicerepresentation may include pairing information for pairing the IoTdevice with program code(s), services, or computing resources executingin the service provider environment. After creation of the preconfigureddevice representation, the preconfigured device representation may bestored at the device configuration service until the preconfigureddevice representation is retrieved by the IoT device.

In one example, the preconfigured device representation may be createdduring the fulfillment phase of the IoT device. For example, thepreconfigured device representation may be created after the IoT deviceis purchased from an electronic marketplace or a retail store, but priorto the IoT device being in possession of the user that purchased the IoTdevice. The preconfigured device representation may be created when apurchase order is being processed by the electronic marketplace, orafter the IoT device has shipped and is enroute to the user's location.In some cases, the preconfigured device representation may be createdafter the IoT device has been delivered to the user, but before the IoTdevice initially connects to the service provider environment.

In one configuration, after the IoT device is in the possession of theuser that purchased the IoT device, the IoT device may be powered on andsend a registration request message to a device registration service.The IoT device may send the registration request message using a deviceregistration representation (e.g., a generic configuration) that isstored on the IoT device during a manufacturing process. For example,the device registration representation may include a uniform resourcelocator (URL) to enable communication with the device registrationservice. The device registration representation may include a uniqueidentifier for the IoT device, such as a serial number or a media accesscontrol (MAC) address, and the unique identifier may indicate that theIoT device is an authentic device (e.g., not a device that wasmanufactured illegally). The registration request message may include anauthentication certificate, and the device registration service mayverify that the authentication certificate included in the registrationrequest message is a valid authentication certificate. If theauthentication certificate is valid, the device registration service mayperform a device registration procedure with the IoT device to registerthe IoT device with the service provider environment. The deviceregistration procedure may involve dynamically assigning a deviceidentifier to the IoT device. In addition, during registration, the IoTdevice may be associated with a user account (e.g., the user accountthat was used when creating the preconfigured device representation).

In one example, the non-generic registration of the IoT device may causethe dynamic device representation to be dynamically created for the IoTdevice in the service provider environment. The dynamic devicerepresentation (e.g., a non-generic configuration) may be provided tothe IoT device for installation on the IoT device. The non-genericregistration may enable the IoT device to connect to other services thatoperate in the service provider environment (as opposed to the deviceregistration representation which may only enable the IoT device toconnect to the device registration service). Using the non-genericregistration, the IoT device may also connect to the deviceconfiguration service and retrieve the preconfigured devicerepresentation that is stored for the IoT device. For example, the IoTdevice may send a request for the preconfigured device representation tothe device configuration service, and the request may include the deviceidentifier associated with the IoT device (i.e., the device identifierthat was assigned to the IoT device during registration). The deviceconfiguration service may retrieve the preconfigured devicerepresentation from a data store based on the device identifier, and thepreconfigured device representation may be provided to the IoT devicefor installation on the IoT device.

In one configuration, the installation of the preconfigured devicerepresentation on the IoT device may enable the IoT device to be pairedwith program codes that are executing in the service providerenvironment. In another configuration, the installation of thepreconfigured device representation on the IoT device may enable the IoTdevice to provide media content that is included in the preconfigureddevice representation. The media content may include video, audio,images and/or digital text. Depending on the settings, parameters, mediacontent files, configurations, etc. that are included in thepreconfigured device representation for the IoT device, the IoT devicemay gain additional capabilities after the preconfigured devicerepresentation is installed on the IoT device.

FIG. 1 illustrates an exemplary system and related operations forcreating and providing device representations 111 to an Internet ofThings (IoT) device 140. The device representations 111 may includepreconfigured device representations 112 and dynamic devicerepresentations 113. A device configuration service 110 in a serviceprovider environment 100 may create a preconfigured devicerepresentation 112 for the IoT device 140, and the preconfigured devicerepresentation 112 may be stored at the device configuration service110. The IoT device 140 may complete a registration procedure with adevice registration service 120 (also known as an onboarding andprovisioning service) in the service provider environment 100. Duringthe registration procedure, a dynamic device representation 113 (e.g., anon-generic configuration) may be dynamically created for the IoT device140, and the dynamic device representation 113 may be provided forinstallation on the IoT device 140. The IoT device 140 may also retrievethe preconfigured device representation 112 from the deviceconfiguration service 110. The preconfigured device representation 112may be installed on the IoT device 140, and the preconfigured devicerepresentation 112 may augment the capabilities of the IoT device 140.

In one configuration, the device configuration service 110 may createthe preconfigured device representation 112 based on instructionsreceived from a client device 130. The preconfigured devicerepresentation 112 may be associated with a specific user account 134.For example, the user account 134 may be accessed using the clientdevice 130, and then the preconfigured device representation 112 may becreated when a user is logged into the user account 134. In one example,the client device 130, via a user interface 132, may select a pluralityof device representation parameters. The user interface 132 may beprovided on an electronic page, and the electronic page may beassociated with an online retail store. The device representationparameters may include settings, configurations, variables, drivers,etc. for the IoT device 290. The client device 130, via the userinterface 132, may select or upload media content files for the IoTdevice 290. Alternatively, the device representation parameters mayinclude a pointer to media content files stored in a data store and/orservice in the service provider environment 100. The devicerepresentation parameters and/or media content files may vary dependingon a type of IoT device 140. Based on the device representationparameters, media content files, etc., the device configuration service110 may create the preconfigured device representation 112 specificallyfor the IoT device 140. The preconfigured device representation 112 maybe a computer file that incorporates the various settings,configurations, parameters, media content files, etc. selected and/oruploaded from the client device 130. The device configuration service110 may locally store the preconfigured device representation 112 untillater retrieved by the IoT device 140.

In one example, the preconfigured device representation 112 may becreated during a fulfillment phase of the IoT device 140. For example,the preconfigured device representation 112 may be created after the IoTdevice 140 is purchased from an electronic marketplace, but prior to theIoT device 140 being in possession of a user that purchased the IoTdevice 140. The preconfigured device representation 112 may be createdwhen a purchase order for the IoT device 140 is being processed by theelectronic marketplace, or when the IoT device 140 has shipped and isenroute to the user's location. Alternatively, the preconfigured devicerepresentation 112 may be created after the IoT device 140 has beendelivered to the user, but before the IoT device 140 initially connectsto the service provider environment 100.

In some cases, processing the purchase order for the IoT device 140 andshipping the IoT device 140 may take up to several days. Therefore,rather than waiting until the user is in possession of the IoT device140 to configure the IoT device 140, the preconfigured devicerepresentation 112 for the IoT device 140 may be created during afulfillment phase of the IoT device 140 (e.g., before the IoT device 140is delivered). As a result, after the user is in possession of the IoTdevice 140, the IoT device 140 may simply retrieve the preconfigureddevice representation 112 that has already been created specifically forthe IoT device 140. This allows for increased efficiency since the timeperiod between purchasing the IoT device 140 and delivering the IoTdevice 140 may be utilized to create the preconfigured devicerepresentation 112.

As a non-limiting example, the IoT device 140 may be a digital pictureframe. The client device 130 may upload or select images via the userinterface 132, and the preconfigured device representation 112 may becreated to include the images. After the digital picture frame isdelivered to the user, the preconfigured device representation 112 withthe images may be retrieved by the digital picture frame. Rather thanthe user uploading the images to the digital picture frame after thepicture frame is delivered, the user may create the preconfigured devicerepresentation 112 with the images ahead of time (e.g., when a purchaseorder is being processed or during a delivery phase of the digitalpicture frame). As a result, after the digital picture frame isdelivered, the digital picture frame may simply retrieve thealready-created preconfigured device representation 112 with the images.

As another non-limiting example, the IoT device 140 may be a babymobile. The client device 130 may upload or select audio songs via theuser interface 132, and the preconfigured device representation 112 maybe created to include the audio songs. In one example, the user mayrecord an audio song, and then upload the audio song via the userinterface 132. After the baby mobile is delivered to the user, thepreconfigured device representation 112 with the audio songs may beretrieved by the baby mobile.

As yet another non-limiting example, the IoT device 140 may be an IoTbutton. The IoT button may be a programmable hardware device, and theIoT button may be linked to an IoT user account. When pressed orclicked, the IoT button may trigger an execution of program code orprogram code function in the service provider environment 100, and theprogram code may be linked to the same IoT user account. The programcode may be high level source code that is executable. The program codemay include entire executable programs (e.g., including a main( )function), independent functions or executable code snippets. Theprogram code may be written or updated during a time period in which apurchase order for the IoT button is being processed and/or the IoTbutton is being delivered. The execution of the program code may resultin various functions being performed. Non-limiting examples of suchfunctions may include counting or tracking items, calling or alerting anindividual, ordering services, providing feedback, unlocking or startinga vehicle, opening a garage door, controlling household appliances,accessing a service, launching a service, launching a computinginstance, etc. The client device 130 may select device representationparameters via the user interface 132 for the preconfigured devicerepresentation 112, and the device representation parameters may be forpairing the IoT button with the program code in the service providerenvironment 100. After the IoT button is delivered to the user, thepreconfigured device representation 112 with the device representationparameters that pair the IoT button with the program code may beretrieved by the IoT button.

As another non-limiting example, the IoT device 140 may be ahealth-related device, such as a connected toothbrush, heart ratemonitor, blood pressure monitoring device, etc. The client device 130may upload or select health care information for a user via the userinterface 132, and the preconfigured device representation 112 may becreated to include the health care information. After the health-relateddevice is delivered to the user, the preconfigured device representation112 with the health care information for the user may be retrieved bythe health-related device.

In one configuration, after the IoT device 140 has been delivered, theIoT device 140 may be powered on and connected to a wireless local areanetwork (WLAN) using appropriate network credentials in a deviceregistration representation 142 (e.g., a generic configuration). Afterestablishing a connection with the WLAN, the IoT device 140 mayautomatically initiate a procedure to be registered with the deviceregistration service 120. For example, the IoT device 140 may send aregistration request message to the device registration service 120. Theregistration request message may also indicate a type of IoT device 140.The IoT device 140 may be capable of sending the registration requestmessage based on the device registration representation 142 installed onthe IoT device 140. The device registration representation 142 may beinstalled during a manufacturing process of the IoT device 140, and thedevice registration representation 142 may include information thatenables the IoT device 140 to connect to the device registration service120. For example, the device registration representation 142 may includea uniform resource locator (URL) associated with the device registrationservice 120. The device registration representation 142 may limit theIoT device 140 to only connect to the device registration service 120.The device registration representation 142 may prevent the IoT device140 from connecting to other services in the service providerenvironment, such as the device configuration service 110 that storesthe preconfigured device representations 112.

In one configuration, the registration request message may be sent fromthe IoT device 140 to the device registration service 120 via apublisher-subscriber model or a request-response model. In thepublisher-subscriber model, the registration request message may bepublished to a topic. The registration request message may remain on thetopic until the registration request message is picked up by the deviceregistration service 120. For example, the registration request messagemay remain on the topic indefinitely until the registration requestmessage is picked up by the device registration service 120. Incontrast, in the request-response model, the registration requestmessage may expire if not picked up within a defined period of time(e.g., 3-4 seconds). In this case, the IoT device 140 may keep resendingthe registration request message until it is picked up by the deviceregistration service 120. After the registration request message ispicked up by the device registration service 120, the deviceregistration procedure may be started between the IoT device 140 and thedevice registration service 120.

In one example, the registration request message sent by the IoT device140 to the device registration service 120 may include an authenticationcertificate. The device registration service 120 may verify that theauthentication certificate included in the registration request messageis a valid authentication certificate. In other words, the deviceregistration service 120 may verify an identity of the IoT device 140based on the authentication certificate, and that the IoT device 140 iseligible to be registered with the service provider environment 100.After verification of the authentication certificate, the deviceregistration service 120 may send a code to the IoT device 140. The codemay include a bar code, a quick response (QR) code, a radio frequency(RF) identifier (ID), etc. The user may log into an IoT user accountusing the client device 130 and provide, scan, or otherwise capture thecode, which may result in the IoT device 140 being claimed by the IoTuser account. In other words, by providing the code, the user may show apossession of the IoT device 140 that the user is attempting to registerwith the device registration service 120, and an ownership of the IoTdevice 140 may be passed from the device registration service 120 to theIoT user account. The device registration procedure may involvedynamically assigning a device identifier (e.g., a unique identifier) tothe IoT device 140 and providing a new non-generic certificate or tokento enable access to services of the service provider environment 100.During registration, the IoT device 140 may also be associated with auser account 134 (e.g., the user account 134 that was used when creatingthe preconfigured device representation 112). In addition, theregistration of the IoT device 140 may involve the device registrationservice 120 creating one or more IoT objects for the IoT device 140, andthe IoT objects may be stored in a registry in the service providerenvironment 100. These IoT objects may include policy objects, shadowobjects, IoT “thing” objects and certificate objects for the IoT device140.

In one example, the dynamic device representation 113 may be dynamicallycreated for the IoT device 140 during the device registration procedure.The device registration service 120 may send the dynamic devicerepresentation 113 (e.g., the non-generic configuration) to the IoTdevice 140. The dynamic device representation 113 may be stored alongwith the preconfigured device representation 112 in a data store thatcontains the device representations 111. The dynamic devicerepresentation 113 may be a non-generic configuration that replaces thedevice registration representation 142 (e.g., the generic configuration)that was previously installed on the IoT device 140. A non-genericdevice registration may enable the IoT device 140 to connect to otherservices that operate in the service provider environment 100, such asthe device configuration service 110. In contrast, the deviceregistration representation 142 may only enable the IoT device 140 toconnect to the device registration service 120. When connecting to thedevice configuration service 110, the IoT device 140 may present a newauthentication certificate, and the new authentication certificate mayhave been received at the IoT device 140 in response to the IoT device140 sending an authentication certificate signing request (CSR) to theservice provider environment 100 during the device registrationprocedure.

Using the non-generic device registration, the IoT device 140 mayconnect to the device configuration service 110 and retrieve thepreconfigured device representation 112 that is stored for the IoTdevice 140 by the device configuration service 110. For example, the IoTdevice 140 may send a request for the preconfigured devicerepresentation 112 to the device configuration service 110, and therequest may include the device identifier associated with the IoT device140 (e.g., the device identifier that may have been assigned to the IoTdevice during registration). The device configuration service 110 mayretrieve the preconfigured device representation 112 based on the deviceidentifier, and the preconfigured device representation 112 may beprovided to the IoT device 140 for installation on the IoT device 140.The installation of the preconfigured device representation 112 mayaugment the capabilities of the IoT device 140.

As a non-limiting example, if the IoT device 140 is a digital pictureframe, the installation of the preconfigured device representation 112may enable the IoT device to display certain images. As anothernon-limiting example, if the IoT device 140 is a baby mobile, theinstallation of the preconfigured device representation 112 may enablethe IoT device to play certain audio content. As yet anothernon-limiting example, if the IoT device 140 is an IoT button, theinstallation of the preconfigured device representation 112 may causecertain program code(s) to be executed in the service providerenvironment 100 when a button on the IoT device 140 is pressed. Thepreconfigured device representation 112 may enable the user topersonalize the IoT device 140.

In one configuration, the IoT device 140 may connect to the deviceconfiguration service 110 to retrieve the preconfigured devicerepresentation 112, and after the preconfigured device representation112 is installed on the IoT device 140, the IoT device 140 maydisconnect from the service provider environment 100. At a later time,the IoT device 140 may reconnect to the device configuration service 110to retrieve an updated preconfigured device representation 112 for theIoT device 140. In other words, the IoT device 140 may or may notmaintain a persistent connection with services that operate in theservice provider environment 100.

In one configuration, the preconfigured device representation 112 may beapplicable for multiple IoT devices 140. The multiple IoT devices 140may be part of a predefined topology or predefined scene. For example,when creating the preconfigured device representation 112, the clientdevice 130 may provide information regarding additional IoT devices 140(e.g., existing IoT devices that are already in the home) that areexpected to be in network proximity to a recently purchased IoT device140. In other words, the client device 130 may provide informationregarding the additional IoT devices 140 included in the predefinedtopology or predefined scene. The device configuration service 110 maycreate the preconfigured device representation 112 to incorporate themultiple IoT devices 140 based on the information received from theclient device 130. As a non-limiting example, the preconfigured devicerepresentation 112 may be applicable to a smart lighting device that wasrecently purchased, as well as existing systems that interact with thesmart lighting device.

In one example, the dynamic device representation 113 may includesupplemental device representations (e.g., configuration files) for theIoT device 140. The supplemental device representations may be tailoredto a type of IoT device 140. The supplemental device representations mayinclude supplemental information that may be of interest to the IoTdevice 140. The supplemental information may further augment thecapabilities provided by the preconfigured device representation 112 tothe IoT device 140. For example, the supplemental device representationsmay include uniform resource locators (URLs) for locating firmwareupdates, weather information, traffic information, etc. depending on thetype of IoT device 140. As another example, the supplemental devicerepresentations may include default states for the IoT device 140 incertain times or situations. As a non-limiting example, if the IoTdevice 140 is a smart thermostat, the supplemental devicerepresentations may instruct the IoT device 140 to be in a first state(e.g., a temperature setting of 70 degrees) in the morning, a secondstate (e.g., a temperature setting of 64 degrees) in the afternoon, anda third state (e.g., a temperature setting of 70 degrees) in theevening.

In another example, the supplemental device representations that areprovided to the IoT device 140 may be selected based on a geographiclocation of the IoT device 140. For example, if the IoT device 140 is anautomobile, depending on the geographical location of the IoT device 140when the IoT device 140 performs the registration procedure, thesupplemental device representation may include specific automobileparameters that are tailored to the geographical location of the IoTdevice 140. These automobile parameters may be based on altitude,terrain, predicted climate, etc.

In another example, the IoT device 140 may share the preconfigureddevice representation 112 with additional IoT devices that are locatedin proximity to the IoT device 140. The preconfigured devicerepresentation 112 may be shared between the IoT devices using anappropriate communication protocol, such as Bluetooth. The IoT devicemay only share the preconfigured device representation 112 after theadditional IoT devices have been registered with the device registrationservice 120. In other words, when the additional IoT devices have notregistered with the device registration service 120, the preconfigureddevice representation 112 may be unusable.

FIG. 2 illustrates components of an example service provider environment200 according to one example of the present technology. The serviceprovider environment 200 may include a device configuration service 210,a data registration service 240, and servers 260 that execute programcode 262. The device configuration service 210 may operate one or morecomputing instances 220 and data store(s) 232 to create devicerepresentations for an Internet of Things (IoT) device 290. The devicerepresentations may include preconfigured device representations 234 anddynamic device representations 235. The device configuration service 210may provide the preconfigured device representation 234 to the IoTdevice 290 via a network 270. The device registration service 240 mayoperate one or more computing instances 250 to perform a deviceregistration procedure that registers the IoT device 290 with theservice provider environment 200. The device registration service 240may register the IoT device 290 via the network 270. In addition, thedevice configuration service 210 may be in communication with a clientcomputing device 280 via the network 270. For example, the clientcomputing device 280 may select various device representation parametersfor creation of the preconfigured device representation 234.

In one example, the data store 232 maintained by the deviceconfiguration service 210 may include the preconfigured devicerepresentations 234. A preconfigured device representation 234 may beinstalled on the IoT device 290 in order to augment a capability of theIoT device 290. The preconfigured device representation 234 may be afile that includes various settings, parameters, media content files,configurations, etc., and the preconfigured device representation 234may be dedicated to a specific IoT device 290. As an example, thepreconfigured device representation 234 may include various settings,parameters, configurations, etc. that pair the IoT device 290 to the oneor more program codes 262, services, or computing resources that executein the service provider environment 200. For example, the IoT device maybe paired with computing (e.g., computing instances), storage (e.g.,object storage, NoSQL data stores, etc.), networking (e.g., virtualrouters), database resources (e.g., Hadoop clusters), and developmentresources in a service provider environment. As another example, thepreconfigured device representation 234 may include various types ofmedia content files, such as images, audio files, video files, etc. Asyet another example, the preconfigured device representation 234 mayinclude executable files that are installable on the IoT device 290.

In one example, the data store 232 maintained by the deviceconfiguration service 210 may include the dynamic device representations235. A dynamic device representation 235 may be a non-generic deviceconfiguration that is dynamically created for the IoT device 290 whenthe IoT device 290 registers with the device registration service 240.The dynamic device representation 235 may not be present until the IoTdevice 290 initiates the registration procedure or at some point afterthe registration. The non-generic registration may enable the IoT device290 to connect to various services in the service provider environment200. For example, the non-generic registration may enable the IoT device290 to retrieve the preconfigured device representation 234 from thedevice configuration service 210. In addition, the dynamic devicerepresentation 235 may include supplemental representations that augmentthe capabilities of the IoT device 290. The supplemental devicerepresentations may be tailored to a type of IoT device 290. In otherwords, the supplemental device representations may be selected dependingon the type of IoT device 290 (e.g., thermostat, farm equipment).

The computing instance(s) 220 operated by the device configurationservice 210 may include a number of modules for creating and providingthe preconfigured device representations 234. The computing instance(s)220 may include a device parameters reception module 222, a devicerepresentation creation module 224, a device representation transmissionmodule 226, and other applications, services, processes, systems,engines, or functionality not discussed in detail herein. In addition,the computing instance(s) 220 may run on one or more computing devicesin the service provider environment 200.

The device parameters reception module 222 may be configured to receivea plurality of device representation parameters for an IoT device 290.The device representation parameters may be received from the clientcomputing device 280. For example, the device representation parametersmay be selected or uploaded via a user interface 282 on the clientcomputing device 280. The device representation parameters may includesettings, configurations, etc. for the IoT device 290. In addition, thedevice parameters reception module 222 may receive media content filesfrom the client computing device 280 via the user interface.

The device representation creation module 224 may be configured tocreate the preconfigured device representation 234 for the IoT device290 based on the plurality of device representation parameters. In otherwords, the preconfigured device representation 234 for the IoT device290 may include the various settings, parameters, media content files,configurations, etc. provided from the client computing device 280. Thepreconfigured device representation 234 may be stored in the data store232 associated with the device configuration service 210, and thepreconfigured device representation 234 may be held until retrieved bythe IoT device 290. In one configuration, the device representationcreation module 224 may create the preconfigured device representation234 before the IoT device 290 registers with the service providerenvironment 200, and the IoT device 290 may or may not be in possessionof a user that purchased the IoT device 290. For example, thepreconfigured device representation 234 may be created when the IoTdevice 290 is being shipped to the user that purchased the IoT device290).

The device representation transmission module 226 may be configured totransmit the preconfigured device representation 234 to the IoT device290. The device representation transmission module 226 may transmit thepreconfigured device representation 234 after the IoT device 290 isregistered with the device registration service 240. In one example, thedevice representation transmission module 226 may receive a request forthe preconfigured device representation 234 from the IoT device 290, andthe request may include a device identifier associated with the IoTdevice 290. The device representation transmission module 226 mayretrieve the preconfigured device representation 234 from the data store232 based on the device identifier, and then provide the preconfigureddevice representation 234 to the IoT device 290 for installation on theIoT device 290.

The computing instance(s) 250 operated by the device registrationservice 240 may include a device registration module 252. The deviceregistration module 252 may be configured to receive a registrationrequest message from the IoT device 290. The registration requestmessage may be sent based on a device registration representation (e.g.,generic configuration) that is installed on the IoT device 290. Theregistration request message may include an authentication certificate.The device registration module 252 may verify that the authenticationcertificate included in the registration request message received fromthe IoT device 290 is a valid authentication certificate. If theauthentication certificate is valid, the device registration module 252may perform a device registration procedure to register the IoT device290 with the service provider environment 200. During the deviceregistration procedure, the IoT device 290 may be assigned the deviceidentifier. The device registration module 252 may provide non-genericregistration to the IoT device 290, and the non-generic registration mayenable the IoT device 290 to connect to the device configuration service210 to retrieve the preconfigured device representation 234 or thedynamic device representation 232. In addition, the computinginstance(s) 250 that operate the device registration service 240 may runon one or more computing devices in the service provider environment200.

The client computing device 280 may comprise a computer system that isembodied in the form of a desktop computer, a laptop computer, mobiledevices, cellular telephones, smartphones, set-top boxes,network-enabled televisions, tablet computer systems, or other deviceswith like capability.

The IoT device 290 may include a device registration module 292configured to send, to the device registration service 240, theregistration request message that includes an authenticationcertificate. The device registration module 292 may communicate to thedevice registration service 240 after the IoT device 290 is powered onbased on the device registration representation that is pre-installed onthe IoT device 290 during a manufacturing process, and the deviceregistration representation may include a uniform resource locator (URL)of the device registration service 210. The device registration module292 may perform a device registration procedure with the deviceregistration service 240, such that the IoT device 290 may becomeregistered with the service provider environment 200.

The IoT device 290 may be configured to send, to the deviceconfiguration service 210, a request for the preconfigured devicerepresentation 234 after a registration of the IoT device 290 iscompleted. The IoT device 290 may communicate to the deviceconfiguration service 210 after the IoT device 290 is registered andreceives the non-generic registration. The IoT device 290 may receivethe preconfigured device representation 234 from the deviceconfiguration service 210, and the preconfigured device representation234 may be installed on the IoT device 290.

The IoT device 290 may comprise, for example a processor-based systemsuch as a computing system. As non-limiting examples, the IoT device 290may include consumer products (e.g., rice cookers, printers, scanners,digital picture frames, toys), home automation products (e.g., smartthermostats, smart refrigerators, heating, air conditioning, etc.),manufacturing devices, farming devices, factory devices, industrialmetal stamping devices, industrial robots, sensors, drones, or otherdevices that are assigned unique identifiers and are capable ofcommunicating data over the network 270. Commercial devices may also beincluded in the definition of the IoT device 290, including: commercialprinting presses, commercial freezers, commercial kilns, commercialmixers or other commercial equipment.

The various processes and/or other functionality contained within theservice provider environment 200 may be executed on one or moreprocessors that are in communication with one or more memory modules.The service provider environment 200 may include a number of computingdevices that are arranged, for example, in one or more server banks orcomputer banks or other arrangements. The computing devices may supporta computing environment using hypervisors, virtual machine managers(VMMs) and other virtualization software.

The term “data store” may refer to any device or combination of devicescapable of storing, accessing, organizing and/or retrieving data, whichmay include any combination and number of data servers, relationaldatabases, object oriented databases, cluster storage systems, datastorage devices, data warehouses, flat files and data storageconfiguration in any centralized, distributed, or clustered environment.The storage system components of the data store may include storagesystems such as a SAN (Storage Area Network), cloud storage network,volatile or non-volatile RAM, optical media, or hard-drive type media.The data store may be representative of a plurality of data stores ascan be appreciated.

The network 270 may include any useful computing network, including anintranet, the Internet, a localized network, a wide area network, awireless data network, or any other such network or combination thereof.Components utilized for such a system may depend at least in part uponthe type of network and/or environment selected. Communication over thenetwork may be enabled by wired or wireless connections and combinationsthereof.

FIG. 2 illustrates that certain processing modules may be discussed inconnection with this technology and these processing modules may beimplemented as computing services. In one example configuration, amodule may be considered a service with one or more processes executingon a server or other computer hardware. Such services may be centrallyhosted functionality or a service application that may receive requestsand provide output to other services or consumer devices. For example,modules providing services may be considered on-demand computing thatare hosted in a server, virtualized service environment, grid or clustercomputing system. An API may be provided for each module to enable asecond module to send requests to and receive output from the firstmodule. Such APIs may also allow third parties to interface with themodule and make requests and receive output from the modules. While FIG.2 illustrates an example of a system that may implement the techniquesabove, many other similar or different environments are possible. Theexample environments discussed and illustrated above are merelyrepresentative and not limiting.

FIG. 3 illustrates operations for creating and providing devicerepresentations to an Internet of Things (IoT) device 320. The devicerepresentations may include preconfigured device representations anddynamic device representations. The preconfigured device representationmay be created by a device configuration service 330 operating in theservice provider environment 300, and the preconfigured devicerepresentation may be created before the IoT device 320 is registeredwith a device registration service 340 in the service providerenvironment 300. The preconfigured device representation may beinstalled on the IoT device 320 after registration to augment thecapabilities of the IoT device 320.

In a first step, a client device 310 may send various devicerepresentation parameters to a device configuration service 300 thatoperates in a service provider environment 300. The devicerepresentation parameters may include settings, configurations,parameters, etc. for the IoT device 320. In one example, a userassociated with the client device 310 may select the devicerepresentation parameters via a user interface on the client device 310,and then the device representation parameters may be sent from theclient device 310 to the device configuration service 330. For example,the user interface may be provided when a user purchases the IoT device320 from an electronic marketplace. In other words, the user interfacemay be provided by a merchant that is offering the IoT device 320 forsale.

In a second step, the device configuration service 330 may receive thedevice representation parameters. The device configuration service 330may create the preconfigured device representation for the IoT device320 using the device representation parameters. For example, thepreconfigured device representation may be a file that incorporates thedevice representation parameters. The preconfigured devicerepresentation may be stored at the device configuration service 330until the preconfigured device representation is later retrieved by theIoT device 320. In one example, the preconfigured device representationmay be associated with a specific user account. For example, the useraccount may be accessed using the client device 310, and then thepreconfigured device representation may be created when a user is loggedinto the user account.

In a third step, the IoT device 320 may be powered on. The IoT device320 may be powered on after being received by the user. In other words,the IoT device 320 may initially power on for a first time after beingdelivered to the user.

In a fourth step, the IoT device 320 may send a registration requestmessage to the device registration service 340. The IoT device 320 maysend the registration request message based on a device registrationrepresentation (e.g., a generic configuration) that is installed on theIoT device 320 during a manufacturing process. For example, the deviceregistration representation may include a uniform resource locator (URL)address of the device registration service 340. In addition, the deviceregistration representation may include a unique identifier for the IoTdevice 320, such as a serial number of a media access control (MAC)address, and the unique identifier may indicate that the IoT device 320is an authentic device. Using the device registration representation,the IoT device 320 may send the registration request message to thedevice registration service 340. The registration request message mayindicate the type of IoT device (e.g., toy, digital picture frame,thermostat), and the registration request message may include anauthentication certificate.

In a fifth step, the IoT device 320 and the device registration service340 may perform a device registration procedure to register the IoTdevice 320 with the service provider environment 300. For example, thedevice registration service 340 may verify a validity of theauthentication certificate provided by the IoT device 320 in theregistration request message. In other words, the device registrationservice 340 may verify an identity of the IoT device 320 based on theauthentication certificate, and that the IoT device 320 is eligible tobe registered with the service provider environment 300. Afterverification of the authentication certificate, the device registrationservice 340 may send a code to the IoT device 320. The user may log intothe user account using the client device 310 and provide the code, whichmay result in the IoT device 320 being claimed by the user account. As aresult, the user account may be paired with the IoT device 320. In otherwords, the device registration procedure may involve dynamicallyassigning a device identifier (e.g., a unique identifier) and anon-generic certificate to the IoT device 320, and during registration,the IoT device 320 may be associated with the user account that was usedwhen creating the preconfigured device representation).

Furthermore, if the IoT device 320 is successfully registered, thedevice registration service 340 may provide a non-generic registration(e.g., a new certificate) to the IoT device 320. The non-genericregistration may enable the IoT device 320 to connect to other servicesin the service provider environment 300, such as the deviceconfiguration service 330 that is storing the preconfigured devicerepresentation for the IoT device 320.

In a sixth step, the IoT device 320 may send a request for thepreconfigured device representation to the device configuration service330. The IoT device 320 may send the request based on the non-genericregistration installed on the IoT device 320. In other words, the IoTdevice 320 may send the request after the device registration procedureis completed. In addition, the request may include a device identifierassociated with the IoT device 320.

In a seventh step, the device configuration service 330 may receive therequest for the preconfigured device representation with the deviceidentifier from the IoT device 320. The device configuration service 330may identify the preconfigured device representation for the IoT device320 from a data store based on the device identifier.

In an eight step, the device configuration service 330 may send thepreconfigured device representation to the IoT device 320. Thepreconfigured device representation may include settings, parameters,media files, configurations, etc. for the IoT device 320.

In a ninth step, the IoT device 320 may install the preconfigured devicerepresentation received from the device configuration service 330. Theinstallation of the preconfigured device representation may augment thecapabilities of the IoT device 320. For example, the preconfigureddevice representation may enable the IoT device 320 to provide mediacontent (e.g., images, songs). As another example, the preconfigureddevice representation may enable the IoT device 320 to be paired withprogram codes that execute in the service provider environment 300.

FIG. 4 illustrates an exemplary system and related operations forcreating a preconfigured device representation 414 for an Internet ofThings (IoT) device using a device configuration service 410 operatingin a service provider environment 400. The preconfigured devicerepresentation 414 may be created based on instructions received from aclient device 430 via a user interface 432. More specifically, thepreconfigured device representation 414 may be created based on devicerepresentation parameters 412 selected or uploaded from the clientdevice 430 and/or user content 422 from one or more services 420operating in a service provider environment 400. The services 420 mayinclude music streaming services, photo sharing applications, videostreaming services, electronic book services, health care services, etc.that provide the user content 422. The user content 422 may includemedia content, health care records, etc. The services 420 may be pairedwith a user account 434 associated with the client device 430.

In one configuration, the user interface 432 may enable the clientdevice 430 to select or upload the device representation parameters 412.The device representation parameters 412 may include settings,configurations, parameters, etc. to be included in the preconfigureddevice representation 414. The user interface 432 may enable the clientdevice 430 to select or upload user content 422 for incorporation intothe preconfigured device representation 414. The user content 422 may beassociated with the services 420 operating in the service providerenvironment 400. The user content 422 may include images, video files,audio files, text files, executable files, etc. Since the client device430 may already be interacting with the services 420, the client device430 may have an option to incorporate the user content 422 into thepreconfigured device representation 414 created for the IoT device. Theuser content 422 may be added to the preconfigured device representation414 (i.e., media content files may be added to the preconfigured devicerepresentation 414), or alternatively, the preconfigured devicerepresentation 414 may include a pointer to the user content 422maintained by the services 420. The installation of the preconfigureddevice representation 414 may enable the user content 422 to be pushedonto an IoT device that installs the preconfigured device representation414. Therefore, using the device representation parameters 412 and/orthe user content 422, the device configuration service 410 may createthe preconfigured device representation 414.

FIG. 5 illustrates an exemplary system and related operations fortriggering an execution of program code 512 in a service providerenvironment 500 based on a preconfigured device representation 522installed on an Internet of Things (IoT) device 520. The program code512 may be executed on a server 510 in the service provider environment500. The program code 512 may be executed on the server 510 based oninstructions from a program code triggering module 524 on the IoT device520. In other words, based on certain actions that occur on the IoTdevice 520, the program code triggering module 524 may trigger theexecution of the program code 512. In some cases, the execution of theprogram code 512 may produce an output, and the output may be providedto the IoT device 520.

In one example, after the preconfigured device representation 522 isinstalled on the IoT device 520, the program code triggering module 524may detect when a button is clicked or pressed on the IoT device 520,and the program code triggering module 524 may trigger the execution ofthe program code 512. As non-limiting examples, the execution of theprogram code 512 may result in the following functions: counting ortracking items, calling or alerting an individual, ordering services,providing feedback, unlocking or starting a vehicle, opening a garagedoor, controlling household appliances (e.g., media players, lightbulbs), etc.

In another example, after the preconfigured device representation 522 isinstalled on the IoT device 520, the program code triggering module 524may detect when an image or video is captured by the IoT device 520 anduploaded to a storage service that operates in the service providerenvironment 500. The execution of the program code 512 may cause theimage or video to be enhanced using appropriate software tools.

In yet another example, after the preconfigured device representation522 is installed on the IoT device 520, the program code triggeringmodule 524 may detect when sensor data is captured by the IoT device 520and uploaded to the service provider environment 500. The execution ofthe program code 512 may result in the detection of trends and/oranomalies in the sensor data.

FIG. 6 illustrates an example of a method for providing preconfigureddevice representations in a service provider environment. A plurality ofdevice representation parameters may be received for an Internet ofThings (IoT) device via a user account, as in block 610. The pluralityof device representation parameters may be received at a deviceconfiguration service that operates in the service provider environment.The device representation parameters may be received, for example, froma client computing device.

A preconfigured device representation may be created for the IoT device,as in block 620. The preconfigured device representation may be createdusing the device configuration service. The preconfigured devicerepresentation may be created based on the plurality of devicerepresentation parameters. The preconfigured device representation mayinclude various settings, parameters, media content files,configurations, etc. for the IoT device. The preconfigured devicerepresentation may be stored at the device configuration service. Inaddition, the preconfigured device representation may be associated withthe user account.

A registration request message may be received from the IoT device afterthe IoT device is powered on, as in block 630. For example, theregistration request message may be received after the IoT device ispowered on for a first time. The registration request message may bereceived at a device registration service that operates in the serviceprovider environment. The registration request message sent by the IoTdevice may include an authentication certificate. The authenticationcertificate may be stored on the IoT device during a manufacturingprocess.

The authentication certificate included in the registration requestmessage received from the IoT device may be verified as being a validauthentication certificate, as in block 640. The authenticationcertificate may be verified at the device registration service. In otherwords, the device registration service may verify an identity of the IoTdevice based on the authentication certificate, and that the IoT deviceis eligible to be registered with the service provider environment.

A device registration procedure may be performed to register the IoTdevice with the service provider environment, as in block 650. Thedevice registration procedure may be performed using the deviceregistration service. The device registration service may connect to theIoT device based on a device registration representation that ispre-installed on the IoT device during the manufacturing process. Thedevice registration representation may include a uniform resourcelocator (URL) associated with the device registration service.

In one example, a registration of the IoT device may enable the IoTdevice to connect to the device configuration service. Morespecifically, the registration of the IoT device may cause a non-genericregistration to be installed on the IoT device. The non-genericregistration may enable the IoT device to connect to the deviceconfiguration service and retrieve the preconfigured devicerepresentation. In addition, the registration of the IoT device mayassign a device identifier to the IoT device and associate the useraccount with the IoT device (e.g., the same user account that was usedwhen creating the preconfigured device representation).

The preconfigured device representation may be provided for installationof the plurality of device representation parameters on the IoT device,as in block 660. The preconfigured device representation may be providedfrom the device configuration service to the IoT device. In one example,the installation of the preconfigured device representation on the IoTdevice may enable the IoT device to be paired with program codes thatare executing in the service provider environment.

In one example, a request for the preconfigured device representationmay be received from the IoT device. The request may include the deviceidentifier assigned to the IoT device during the registration of the IoTdevice. The preconfigured device representation may be identified from adata store based on the device identifier. The preconfigured devicerepresentation may be provided to the IoT device for installation on theIoT device.

FIG. 7 illustrates an example of a method for providing preconfigureddevice representations in a service provider environment. A plurality ofdevice representation parameters may be received for a device via a useraccount, as in block 710. For example, the device representationparameters may be received from a client computing device at a deviceconfiguration service that operates in the service provider environment.

A preconfigured device representation may be created for the deviceusing the plurality of device representation parameters, as in block720. The preconfigured device representation may be created in theservice provider environment, and the preconfigured devicerepresentation may be associated with the user account. In one example,the preconfigured device representation may be created after the deviceis purchased and before the device initially connects to the serviceprovider environment. In another example, the preconfigured devicerepresentation may be created for the device during a fulfillment phaseof the device, and the preconfigured device representation may be storedat the device configuration service until the preconfigured devicerepresentation is retrieved by the device.

The device may be registered with the service provider environment, asin block 730. A registration of the device may be performed when thedevice initially connects to the service provider environment. Theregistration may assign a device identifier to the device and associatethe user account with the device. In other words, during registration,the device may be associated with the same user account that was usedwhen creating the preconfigured device representation. In one example, aregistration request message may be received from the device after thedevice is powered on and initially connects to the service providerenvironment, and the registration request message may be sent from thedevice using a publisher-subscriber model or a request-response model.

The preconfigured device representation may be provided for installationon the device, as in block 740. The preconfigured device representationmay be provided after the registration of the device is completed. Inone example, the installation of the preconfigured device representationon the IoT device may enable the IoT device to be paired with programcodes that are executing in the service provider environment. In anotherexample, the installation of the preconfigured device representation onthe device may enable the device to provide media content that isincluded in the preconfigured device representation.

In one example, a user interface may be provided that enables entry ofthe plurality of device representation parameters for the device. Theuser interface may offer a predefined set of available devicerepresentation parameters depending on a type of device. The availabledevice representation parameters may include settings, parameters, mediacontent files, drivers, proprietary instructions (e.g., custom scripts),configurations, etc. for the device. Using the user interface, a usermay select appropriate device representation parameters for the devicefrom the predefined set of available device representation parameters.In another example, a user interface may be provided that enables one ormore media content files to be uploaded or selected, and the mediacontent files may be integrated with the preconfigured devicerepresentation for the device.

In one configuration, information may be received regarding additionaldevices that are expected to be in network proximity to the device. Thepreconfigured device representation may be created to incorporate thedevice and the additional devices. In another configuration, a requestfor the preconfigured device representation may be received from thedevice. The preconfigured device representation may be identified from adata store based on the device identifier.

In one configuration, supplemental device representations may beprovided to the device after the registration of the device iscompleted, and the supplemental device representations may be tailoredto a type of device. In other words, the supplemental devicerepresentations may be selected depending on the type of device (e.g.,thermostat, farm equipment). The supplemental device representations mayinclude supplemental information that may be of use to the device. Thesupplemental information may further augment the capabilities providedby the preconfigured device representation to the IoT device.

In another configuration, the preconfigured device representation may beshared between the device and an additional device that has beenregistered with the device registration service, and the additionaldevice may be within a defined distance from the device. Thepreconfigured device representation may be shared between the IoTdevices using an appropriate communication protocol, such as Bluetoothor WiFi. The additional device that receives the preconfigured devicerepresentation may then install and utilize the preconfigured devicerepresentation.

FIG. 8 illustrates a computing device 810 on which modules of thistechnology may execute. A computing device 810 is illustrated on which ahigh level example of the technology may be executed. The computingdevice 810 may include one or more processors 812 (or micro controllers)that are in communication with memory devices 820. The computing devicemay include a local communication interface 818 for the components inthe computing device. For example, the local communication interface maybe a local data bus and/or any related address or control busses as maybe desired.

The memory device 820 may contain modules 824 that are executable by theprocessor(s) 812 and data for the modules 824. The modules 824 mayexecute the functions described earlier. A data store 822 may also belocated in the memory device 820 for storing data related to the modules824 and other applications along with an operating system that isexecutable by the processor(s) 812.

Other applications may also be stored in the memory device 820 and maybe executable by the processor(s) 812. Components or modules discussedin this description that may be implemented in the form of softwareusing high programming level languages that are compiled, interpreted orexecuted using a hybrid of the methods.

The computing device may also have access to I/O (input/output) devices814 that are usable by the computing devices. An example of an I/Odevice is a display screen that is available to display output from thecomputing devices. Other known I/O device may be used with the computingdevice as desired. Networking devices 816 and similar communicationdevices may be included in the computing device. The networking devices816 may be wired or wireless networking devices that connect to theinternet, a LAN, WAN, or other computing network.

The components or modules that are shown as being stored in the memorydevice 820 may be executed by the processor 812. The term “executable”may mean a program file that is in a form that may be executed by aprocessor 812. For example, a program in a higher level language may becompiled into machine code in a format that may be loaded into a randomaccess portion of the memory device 820 and executed by the processor812, or source code may be loaded by another executable program andinterpreted to generate instructions in a random access portion of thememory to be executed by a processor. The executable program may bestored in any portion or component of the memory device 820. Forexample, the memory device 820 may be random access memory (RAM), readonly memory (ROM), flash memory, a solid state drive, memory card, ahard drive, optical disk, floppy disk, magnetic tape, or any othermemory components.

The processor 812 may represent multiple processors and the memory 820may represent multiple memory units that operate in parallel to theprocessing circuits. This may provide parallel processing channels forthe processes and data in the system. The local interface 818 may beused as a network to facilitate communication between any of themultiple processors and multiple memories. The local interface 818 mayuse additional systems designed for coordinating communication such asload balancing, bulk data transfer, and similar systems.

FIG. 9 is a block diagram illustrating an example computing service 900that may be used to execute and manage a number of computing instances904 a-d upon which the present technology may execute. In particular,the computing service 900 depicted illustrates one environment in whichthe technology described herein may be used. The computing service 900may be one type of environment that includes various virtualized serviceresources that may be used, for instance, to host computing instances904 a-d.

The computing service 900 may be capable of delivery of computing,storage and networking capacity as a software service to a community ofend recipients. In one example, the computing service 900 may beestablished for an organization by or on behalf of the organization.That is, the computing service 900 may offer a “private cloudenvironment.” In another example, the computing service 900 may supporta multi-tenant environment, wherein a plurality of customers may operateindependently (i.e., a public cloud environment). Generally speaking,the computing service 900 may provide the following models:Infrastructure as a Service (“IaaS”), Platform as a Service (“PaaS”),and/or Software as a Service (“SaaS”). Other models may be provided. Forthe IaaS model, the computing service 900 may offer computers asphysical or virtual machines and other resources. The virtual machinesmay be run as guests by a hypervisor, as described further below. ThePaaS model delivers a computing platform that may include an operatingsystem, programming language execution environment, database, and webserver.

Application developers may develop and run their software solutions onthe computing service platform without incurring the cost of buying andmanaging the underlying hardware and software. The SaaS model allowsinstallation and operation of application software in the computingservice 900. End customers may access the computing service 900 usingnetworked client devices, such as desktop computers, laptops, tablets,smartphones, etc. running web browsers or other lightweight clientapplications, for example. Those familiar with the art will recognizethat the computing service 900 may be described as a “cloud”environment.

The particularly illustrated computing service 900 may include aplurality of server computers 902 a-d. The server computers 902 a-d mayalso be known as physical hosts. While four server computers are shown,any number may be used, and large data centers may include thousands ofserver computers. The computing service 900 may provide computingresources for executing computing instances 904 a-d. Computing instances904 a-d may, for example, be virtual machines. A virtual machine may bean instance of a software implementation of a machine (i.e. a computer)that executes applications like a physical machine. In the example of avirtual machine, each of the server computers 902 a-d may be configuredto execute an instance manager 908 a-d capable of executing theinstances. The instance manager 908 a-d may be a hypervisor, virtualmachine manager (VMM), or another type of program configured to enablethe execution of multiple computing instances 904 a-d on a singleserver. Additionally, each of the computing instances 904 a-d may beconfigured to execute one or more applications.

A server 914 may be reserved to execute software components forimplementing the present technology or managing the operation of thecomputing service 900 and the computing instances 904 a-d. For example,the server computer 914 may execute a device configuration service 915and a device registration service 917. The device configuration service915 may receive a plurality of device representation parameters for anInternet of Things (IoT) device. The device configuration service 915may create a preconfigured device representation for the IoT devicebased on the plurality of device representation parameters. The deviceregistration service 917 may receive a registration request message fromthe IoT device after the IoT device is powered on, and the registrationrequest message may include an authentication certificate. The deviceregistration service 917 may verify that the authentication certificateincluded in the registration request message received from the IoTdevice is a valid authentication certificate. The device registrationservice 917 may perform a device registration procedure that registersthe IoT device with the computing service 900. The registration of theIoT device may enable the IoT device to connect to the deviceconfiguration service 915. The device configuration service 915 mayprovide the preconfigured device representation to the IoT device.

A server computer 916 may execute a management component 918. A customermay access the management component 918 to configure various aspects ofthe operation of the computing instances 904 a-d purchased by acustomer. For example, the customer may setup computing instances 904a-d and make changes to the configuration of the computing instances 904a-d.

A deployment component 922 may be used to assist customers in thedeployment of computing instances 904 a-d. The deployment component 922may have access to account information associated with the computinginstances 904 a-d, such as the name of an owner of the account, creditcard information, country of the owner, etc. The deployment component922 may receive a configuration from a customer that includes datadescribing how computing instances 904 a-d may be configured. Forexample, the configuration may include an operating system, provide oneor more applications to be installed in computing instances 904 a-d,provide scripts and/or other types of code to be executed forconfiguring computing instances 904 a-d, provide cache logic specifyinghow an application cache is to be prepared, and other types ofinformation. The deployment component 922 may utilize thecustomer-provided configuration and cache logic to configure, prime, andlaunch computing instances 904 a-d. The configuration, cache logic, andother information may be specified by a customer accessing themanagement component 918 or by providing this information directly tothe deployment component 922.

Customer account information 924 may include any desired informationassociated with a customer of the multi-tenant environment. For example,the customer account information may include a unique identifier for acustomer, a customer address, billing information, licensinginformation, customization parameters for launching instances,scheduling information, etc. As described above, the customer accountinformation 924 may also include security information used in encryptionof asynchronous responses to API requests. By “asynchronous” it is meantthat the API response may be made at any time after the initial requestand with a different network connection.

A network 910 may be utilized to interconnect the computing service 900and the server computers 902 a-d, 916. The network 910 may be a localarea network (LAN) and may be connected to a Wide Area Network (WAN) 912or the Internet, so that end customers may access the computing service900. In addition, the network 910 may include a virtual network overlaidon the physical network to provide communications between the servers902 a-d. The network topology illustrated in FIG. 9 has been simplified,as many more networks and networking devices may be utilized tointerconnect the various computing systems disclosed herein.

While the flowcharts presented for this technology may imply a specificorder of execution, the order of execution may differ from what isillustrated. For example, the order of two more blocks may be rearrangedrelative to the order shown. Further, two or more blocks shown insuccession may be executed in parallel or with partial parallelization.In some configurations, one or more blocks shown in the flow chart maybe omitted or skipped. Any number of counters, state variables, warningsemaphores, or messages might be added to the logical flow for purposesof enhanced utility, accounting, performance, measurement,troubleshooting or for similar reasons.

Some of the functional units described in this specification have beenlabeled as modules, in order to more particularly emphasize theirimplementation independence. For example, a module may be implemented asa hardware circuit comprising custom VLSI circuits or gate arrays,off-the-shelf semiconductors such as logic chips, transistors, or otherdiscrete components. A module may also be implemented in programmablehardware devices such as field programmable gate arrays, programmablearray logic, programmable logic devices or the like.

Modules may also be implemented in software for execution by varioustypes of processors. An identified module of executable code may, forinstance, comprise one or more blocks of computer instructions, whichmay be organized as an object, procedure, or function. Nevertheless, theexecutables of an identified module need not be physically locatedtogether, but may comprise disparate instructions stored in differentlocations which comprise the module and achieve the stated purpose forthe module when joined logically together.

Indeed, a module of executable code may be a single instruction, or manyinstructions, and may even be distributed over several different codesegments, among different programs, and across several memory devices.Similarly, operational data may be identified and illustrated hereinwithin modules, and may be embodied in any suitable form and organizedwithin any suitable type of data structure. The operational data may becollected as a single data set, or may be distributed over differentlocations including over different storage devices. The modules may bepassive or active, including agents operable to perform desiredfunctions.

The technology described here can also be stored on a computer readablestorage medium that includes volatile and non-volatile, removable andnon-removable media implemented with any technology for the storage ofinformation such as computer readable instructions, data structures,program modules, or other data. Computer readable storage media include,but is not limited to, RAM, ROM, EEPROM, flash memory or other memorytechnology, CD-ROM, digital versatile disks (DVD) or other opticalstorage, magnetic cassettes, magnetic tapes, magnetic disk storage orother magnetic storage devices, or any other computer storage mediumwhich can be used to store the desired information and describedtechnology.

The devices described herein may also contain communication connectionsor networking apparatus and networking connections that allow thedevices to communicate with other devices. Communication connections arean example of communication media. Communication media typicallyembodies computer readable instructions, data structures, programmodules and other data in a modulated data signal such as a carrier waveor other transport mechanism and includes any information deliverymedia. A “modulated data signal” means a signal that has one or more ofits characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, radiofrequency, infrared, and other wireless media. The term computerreadable media as used herein includes communication media.

Reference was made to the examples illustrated in the drawings, andspecific language was used herein to describe the same. It willnevertheless be understood that no limitation of the scope of thetechnology is thereby intended. Alterations and further modifications ofthe features illustrated herein, and additional applications of theexamples as illustrated herein, which would occur to one skilled in therelevant art and having possession of this disclosure, are to beconsidered within the scope of the description.

Furthermore, the described features, structures, or characteristics maybe combined in any suitable manner in one or more examples. In thepreceding description, numerous specific details were provided, such asexamples of various configurations to provide a thorough understandingof examples of the described technology. One skilled in the relevant artwill recognize, however, that the technology can be practiced withoutone or more of the specific details, or with other methods, components,devices, etc. In other instances, well-known structures or operationsare not shown or described in detail to avoid obscuring aspects of thetechnology.

Although the subject matter has been described in language specific tostructural features and/or operations, it is to be understood that thesubject matter defined in the appended claims is not necessarily limitedto the specific features and operations described above. Rather, thespecific features and acts described above are disclosed as exampleforms of implementing the claims. Numerous modifications and alternativearrangements can be devised without departing from the spirit and scopeof the described technology.

What is claimed is:
 1. A method comprising: receiving, at a deviceregistration service that operates in a service provider environment, aregistration request message from a device, wherein the registrationrequest message includes a first authentication certificate; verifying,at the device registration service, that the first authenticationcertificate included in the registration request message received fromthe device is valid; and responsive to verifying that the firstauthentication certificate included in the registration request messagereceived from the device is valid, performing, using the deviceregistration service, a device registration procedure to register thedevice with the service provider environment, wherein registration ofthe device associates the device with an account on the service providerenvironment, wherein the device registration procedure comprisessending, from the device registration service to the device, adevice-specific authentication certificate, and wherein thedevice-specific authentication certificate enables the device to accessresources of the service provider environment associated with theaccount.
 2. The method of claim 1, wherein the first authenticationcertificate is installed on the device during manufacture of the device.3. The method of claim 1, wherein the first authentication certificateis generic among multiple devices including the device.
 4. The method ofclaim 1, wherein the device is an Internet-of-Things (IoT) device. 5.The method of claim 1, wherein registration of the device assigns adevice identifier to the device.
 6. The method of claim 1, wherein thedevice registration procedure comprises sending, from the device to thedevice registration service, a unique identifier of the device.
 7. Themethod of claim 1, wherein the device registration procedure furthercomprises replacing the first authentication certificate with thedevice-specific authentication certificate.
 8. A system comprising: adata store storing computer-executable instructions; and a processorconfigured to execute the computer-executable instructions, whereinexecution of the computer-executable instructions causes the system to:receive, at a device registration service that operates in a serviceprovider environment, a registration request message from a device,wherein the registration request message includes a first authenticationcertificate; verify, at the device registration service, that the firstauthentication certificate included in the registration request messagereceived from the device is valid; and responsive to verifying that thefirst authentication certificate included in the registration requestmessage received from the device is valid, perform, using the deviceregistration service, a device registration procedure to register thedevice with the service provider environment, wherein registration ofthe device associates the device with an account on the service providerenvironment, wherein the device registration procedure comprisessending, from the device registration service to the device, adevice-specific authentication certificate, and wherein thedevice-specific authentication certificate enables the device to accessresources of the service provider environment associated with theaccount.
 9. The system of claim 8, wherein the device registrationprocedure further comprises sending, from the device registrationservice to the device, configuration data defining, operation of thedevice.
 10. The system of claim 8, wherein the device registrationprocedure further comprises associating the device with a plurality ofadditional devices associated with the account.
 11. The system of claim8, wherein the device registration procedure further comprisesassociating the device with a shadow representation on the serviceprovider environment.
 12. The system of claim 8, wherein the device is afirst device, and wherein execution of the computer-executableinstructions further causes the system to obtain a request, from an enduser device, to associate the first device with the account.
 13. Thesystem of claim 8, wherein registration of the device assigns a deviceidentifier to the device.
 14. The system of claim 8, wherein the deviceregistration procedure comprises sending, from the device to the deviceregistration service, a unique identifier of the device.
 15. One or morenon-transitory computer-readable media comprising computer-executableinstructions that, when executed by a computing system, causes thecomputing system to: receive, at a device registration service thatoperates in a service provider environment, a registration requestmessage from a device, wherein the registration request message includesa first authentication certificate; verify, at the device registrationservice, that the first authentication certificate included in theregistration request message received from the device is valid; andresponsive to verifying that the first authentication certificateincluded in the registration request message received from the device isvalid, perform, using the device registration service, a deviceregistration procedure to register the device with the service providerenvironment, wherein registration of the device associates the devicewith an account on the service provider environment, wherein the deviceregistration procedure comprises sending, from the device registrationservice to the device, a device-specific authentication certificate, andwherein the device-specific authentication certificate enables thedevice to access resources of the service provider environmentassociated with the account.
 16. The one or more non-transitorycomputer-readable media of claim 15, wherein the device registrationprocedure further comprises sending, from the device registrationservice to the device, configuration data defining operation of thedevice.
 17. The one or more non-transitory computer-readable media ofclaim 15, wherein the device registration procedure further comprisesassociating the device with a plurality of additional devices associatedwith the account.
 18. The one or more non-transitory computer-readablemedia of claim 15, wherein the device registration procedure furthercomprises associating the device with a shadow representation on theservice provider environment.
 19. The one or more non-transitorycomputer-readable media of claim 15, wherein the device is a firstdevice, and wherein execution of the computer-executable instructionsfurther causes the system to obtain a request, from an end user device,to associate the first device with the account.
 20. The one or morenon-transitory computer-readable media of claim 15, wherein registrationof the device assigns a device identifier to the device.